
808    Appendix • Self Test Appendix

             14. How can cryptography be used to implement access control?
                  A. By having people sign on using digital certificates, then placing restrictions on a per-cer-
                      tificate basis that allows access only to a specified set of resources.
                  B. By using a symmetric algorithm and only distributing the key to those you want to have
                      access to the encrypted information.
                  C. By digitally signing all documents.
                  D. By encrypting all documents.
              Answer A. Of the given responses, this is the only viable method of using cryptography to
                 implement access control: each user authenticates with a certificate, and the system maps
                 that certificate to the set of resources it is permitted to reach.
              Answers B, C, and D. Distributing a shared secret key is a poor means of access control:
                 everyone who holds the key can decrypt everything encrypted under it, and one person's access
                 cannot be withdrawn without re-keying and redistributing to everyone else. Digitally signing
                 every document is not only impractical, it implements no access control at all, because a
                 signature proves who produced a document, not who may read it. Similarly, encrypting all
                 documents keeps the information from those who cannot decrypt it, but you would still need a
                 separate system on top of it to ensure that a person cleared to decrypt one document cannot
                 automatically decrypt every other document.

             15. You receive a digitally signed e-mail message. Which of the following actions can the author
                 take?
                  A. Send you another unsigned message.
                  B. Dispute the wording in parts of the message.
                  C. Claim the message was not sent.
                  D. Revoke the message.
              Answer A. Digital signatures apply only to the message that they sign. There is nothing in the
                 technology that would prevent the author from sending you another message, signed or
                 unsigned.
              Answers B, C, and D. A digitally signed message has the property of non-repudiation. That
                 means the author cannot credibly claim that he did not send it, or that you did not receive his
                 message with the intended wording: any change to the wording invalidates the signature, and
                 only the holder of his private key could have produced it (provided that key was never
                 disclosed). Digital signatures have nothing to do with revoking messages, so the author has no
                 way to revoke his message either.
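              The properties behind the answer to question 15 can be checked directly. The following Go
              program is an added example and is not from the book; it uses the Ed25519 signature scheme
              from the Go standard library, with constructed message text and hypothetical type and
              function names (Author, SignedMessage, VerifySigned). It shows that a signature binds the
              author's key to exactly one message body: the original verifies, a message with altered
              wording does not, an unsigned second message is simply unverifiable, and the signature cannot
              be attributed to any other key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage bundles an e-mail body with the author's signature over it.
// A nil Signature models an unsigned message (answer A).
type SignedMessage struct {
	Body      []byte
	Signature []byte
}

// Author holds the signing keypair. In practice the private key stays on the
// author's machine; only the public key is shared with recipients.
type Author struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewAuthor generates a fresh Ed25519 keypair for a hypothetical sender.
func NewAuthor() (*Author, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Author{Pub: pub, priv: priv}, nil
}

// Sign produces a signature over exactly this body and nothing else.
func (a *Author) Sign(body string) SignedMessage {
	return SignedMessage{Body: []byte(body), Signature: ed25519.Sign(a.priv, []byte(body))}
}

// VerifySigned reports whether m.Signature is a valid signature by pub over
// m.Body. ed25519.Verify returns false for a wrong-length (including nil)
// signature, so unsigned messages are never accepted.
func VerifySigned(pub ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(pub, m.Body, m.Signature)
}

func main() {
	author, err := NewAuthor()
	if err != nil {
		panic(err)
	}
	original := author.Sign("Please pay invoice 17 by Friday.") // constructed text

	// The recipient checks the message as received.
	fmt.Println("original verifies:", VerifySigned(author.Pub, original))

	// Answer B: the author cannot dispute the wording; a changed body fails.
	disputed := SignedMessage{Body: []byte("Please pay invoice 17 by Monday."), Signature: original.Signature}
	fmt.Println("altered wording verifies:", VerifySigned(author.Pub, disputed))

	// Answer A: a later unsigned message is unrelated to the signed one.
	unsigned := SignedMessage{Body: []byte("Disregard my earlier note.")}
	fmt.Println("unsigned follow-up verifies:", VerifySigned(author.Pub, unsigned))

	// Answer C: the signature points at this author's key and no other.
	other, _ := NewAuthor()
	fmt.Println("verifies under another key:", VerifySigned(other.Pub, original))
}
```

              Note that nothing here lets the author "revoke" the original: once signed and delivered, the
              signature over that body remains valid for as long as the public key is trusted.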


             Chapter 10: Public Key Infrastructure


             1.  You are applying for a certificate for the Web server for your company. Which of these parties
                 would you not expect to be contacting in the process?
                  A. A registration authority (RA)
                  B. A leaf CA
                  C. A key escrow agent
                  D. A root CA






          www.syngress.com